package com.hsylient.demo03;

import lombok.SneakyThrows;
import org.junit.Test;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;

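/**
 * Demonstrates the SQL-injection weakness of {@link Statement}: the query text is
 * a single string, so an always-true tail such as {@code or 1=1} turns a lookup
 * for one row into a dump of the whole table. The remedy outside a demo is
 * {@link java.sql.PreparedStatement} with {@code ?} placeholders, which keeps
 * parameter values out of the SQL text altogether.
 */
public class TestStatementBug {

    private static final String URL = "jdbc:mysql://localhost:3306/javaee_2107?useUnicode=true&characterEncoding=utf8&useSSL=true&serverTimezone=Asia/Shanghai";
    private static final String USERNAME = "root";
    private static final String PASSWORD = "root";
    private static final String DRIVER = "com.mysql.cj.jdbc.Driver";

    /**
     * Executes the injected query with a plain {@link Statement} and prints every
     * row it returns.
     * <p>
     * The connection, statement and result set are opened in try-with-resources so
     * they are released (in reverse order) even when the query or the cursor
     * iteration throws; the original left all three unclosed.
     * Checked exceptions are rethrown unchanged via {@code @SneakyThrows}.
     */
    @Test
    @SneakyThrows
    public void testStatement() {
        Class.forName(DRIVER);
        // Deliberately vulnerable: the literal "or 1=1" stands in for text that an
        // unparameterised query would absorb from its input, so the where clause no
        // longer restricts the result to id = 3.
        String sql = "select * from user where id = 3 or 1=1";
        try (Connection connection = DriverManager.getConnection(URL, USERNAME, PASSWORD);
             Statement statement = connection.createStatement();
             ResultSet resultSet = statement.executeQuery(sql)) {
            while (resultSet.next()) {
                // The demo echoes the full row, including the password column,
                // to show how much the injected tail exposes.
                System.out.print(String.format("id:%s \t", resultSet.getString("id")));
                System.out.print(String.format("username:%s \t", resultSet.getString("username")));
                System.out.println(String.format("password:%s \t", resultSet.getString("password")));
            }
        }
    }
}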
